We all work in the internet security industry, and as such we're involved with a wide range of technologies, markets and people. Our collective blog is a space for our insights, observations and interests...

(N.B. The opinions expressed here are those of the individual authors, and not those of Smoothwall ltd or Smoothwall inc.)

Tuesday, May 31, 2011

Few people have time to become an Internet Security expert, but with this post I'm going to introduce you to some websites, tools and other resources that can give you a bit of an edge, and, importantly, look impressive to the uninitiated. As a network manager, you're supposed to know everything about anything that has a cable attached - so finding time to be an all-areas expert is not going to fly. Luckily we can alter our users' perception and be seen as a security champ. We all know you're probably doing the right stuff in the background, all the unexciting bits, so let's see if we can't find something with a bit of sparkle.

A user asks "is this a virus?" Now you can not only be more confident, but you also have a nice-looking report, thanks to VirusTotal.

Looking like a hacker from the movies is easier than you think. The network swiss-army-bazooka nmap (movie references here) has a nice graphical front end that is easy to use and actually really handy: go get Zenmap. Bump the shiny up another notch, and Overlook Fing is like a miniature nmap on Android or iPhone.

Keeping up with the latest news and views in security is tough, but if there's one guy whose opinion is always worth reading, it's Bruce Schneier. Luckily, he publishes a monthly newsletter, Cryptogram. Sign up here.

We can't all keep a virtual machine knocking around to burn testing dubious-looking links. Luckily, we can get a fair idea of whether a link is going to riddle us with zero-day hell, and a nice report to boot, from the folks at wepawet.

Many people thought I should have included this one at number one - a great looking packet analyzer with a cool name, Wireshark (or Ethereal as it was formerly known) can be used to find out a lot about your network, and is great for seeing what's really going on. Pulling unencrypted passwords and snippets of plaintext conversation off the wire - always a good demo. Remember you can use tcpdump (on your Smoothwall or other Linux-based firewall!) to pick up packets to look at later as well. One that takes a bit of learning, but well worth it. Get Wireshark here.

Most of us are Windows users, but Linux has a lot to offer. Even if you don't run Linux all the time, there are a couple of live CDs which will run without modifying your PC. For the security minded, there's the Trinity Rescue Kit, ever helpful for recovering "lost" passwords, and for the slightly more black-hatty among us, BackTrack is the place to be. An unfamiliar and complicated-looking interface will do your status with your users no end of benefit. Download and burn TRK or BackTrack.

I've limited my list to free tools and resources which would generally be accessible to a broad range of network managers and IT techs, but I might have missed your favourite - get in touch, and leave me a comment!

In the past few weeks, there have been indications that two of the Internet's biggest browsers are reconsidering the central position of the URL in web browsing. Firefox and Chrome's designers are looking at ways to downsize, repurpose or remove the traditional "location bar" where traditionalists have been used to typing web addresses for years.

This comes as no great shock - even in the early days of the web, efforts were made by the likes of AOL to use keywords to navigate to websites. AOL failed, ultimately, but the concept succeeded. In today's web, entering a known URL is unusual for most people - we trust our search engines to bring back the content we require from our search terms, and we use our bookmarks to keep track of things we like - never needing to see the URL itself. Advertisers are starting to make more use of this too - it is increasingly difficult to get short, memorable domain names, and people make typos. If you can be sure your site ranks well for the name of your company, you don't need to worry about people mis-spelling your domain (and when your name is a bit tough to pronounce outside of the English speaking world.. or even in it... yeah, but we have always been called Smoothwall, so we're sticking to it, thanks!).

With the web losing some of the location-based addressing that ties content to domains and URLs, and more web applications taking content from a variety of sources, this move would seem to send a warning to some popular URL-(ab)users - who needs link shorteners in a world without typing links? If everything is sent with embedded links, or transferred to meatspace as keywords rather than URLs, these services may see a decline. Interestingly for Smoothwall, and our users, this could accelerate the demise of the URL filter. When we no longer need sites to identify themselves as positively in the URL, we can be more ambiguous - for example, the BBC may no longer feel the need to have all sport under /sport - they aren't doing that to benefit a URL filter, and if there's diminishing benefit for the consumer, need they maintain these syntactic niceties?

Thursday, May 26, 2011

Spring is a good time to take stock of what’s working and what’s not. Students are busy taking final exams, and for School IT administrators, it might be time to test your network security solution and make sure it’s delivering what you need.

Here are five tips to make sure your network security and filtering solution is doing its job to make yours easier:

Appearances can be deceiving: Don’t just look at the URL, but look deeper into a page and content-scan the words and phrases. This ensures that all pages are categorized, and a page can’t disguise itself as something it’s not. Make sure your filter can determine context, content and construction to block out those tricky bad guys.

Look for “Just Right” blocking: IT administrators can be worn to a frenzy keeping up with the educators’ requests to unblock websites they need, while keeping a strong block in place. A smart filtering solution avoids over- or under-blocking and provides just the right level of blocking.

Go for the Interception: Students have become increasingly savvy in finding their way around blocked websites using proxy anonymizers. Look for solutions that can intercept HTTPS traffic to catch HTTP proxies as well as HTTPS proxies. With the right solution, users trying to get around blocked sites will be intercepted, achieving your goal of a safe network.

Be the all-seeing eye: IT administrators don’t have time to constantly scan the network. They need reporting functions that help make their life easier, not more difficult. During certain hours such as lunch or between classes, it may be good to keep a closer eye on network activity. Real-time content scanning provides valuable visibility, allowing IT administrators to nip potential problems in the bud.

Network Security never sleeps: It’s not just the school grounds that must be protected. Users who rely on laptops, netbooks or even Mac portables must also be protected while away from the school's network. The full policy and profile safeguards that apply while those laptops are connected on campus must apply when taken home or on field trips, and while those units are connected to the Internet at the local airport or other wi-fi hotspots. Upon return to the school's network, all reporting and tracking of web activities should be aggregated to the reports the school's administrators and teachers receive on student (or staff) activities.

Does your network security deliver these points? If not, spring is a good time to think about making a change. Once you have a network security solution in place that does its job, you can finally escape the glare of your computer screen and enjoy all that warm spring sunshine.

Thursday, May 19, 2011

What’s as bad as bedbugs for hotels today? Like bedbugs, this threat is invisible when guests check in and the consequences may not be evident until long after the guest leaves. It’s extremely costly, with loss of revenue and legal costs. (Yes, it’s so nasty that lawyers are involved.) It’s a growing trend: video downloads on your network.

It started off innocently enough. Once upon a time, hotels had a nice revenue stream from pay-per-view films. Travelers who wanted to relax in their room had a few options: the regular TV programming, the book they may have brought, or splurge for a pay-per-view movie.

Then the internet revolution came about. Hotels began offering internet access in response to demands from business travelers and others who wanted to keep up with emails and their favorite websites. Then the availability of high quality video downloads and new devices with higher resolution began to change the game. Instead of paying for pay-per-view movies, guests could download videos for free on their own notebooks or iPads.

What does this mean for hotels? Colliers PFK Hospitality Research reports that hotel revenue from pay-per-view films has shrunk by 39%. Their study shows that in 2000, each hotel room would collect approximately $288 in pay-per-view revenue annually. Today, the average hotel room collects only $175 annually. The likely cause of this decline in revenue is the many alternatives found on the Internet for videos, gaming and other on-line entertainment.

Even more ruinous, many of these downloads are illegal downloads of copyright protected movies. Hollywood is becoming aggressive in pursuing perpetrators. Film producers are hiring law firms such as one known as The U.S. Copyright Group to issue subpoenas to internet service providers and get the names of individuals who downloaded these films. For hotels, that ISP address is under their name, and is their responsibility. Fines range from $1,500 to $2,900 or more per incident, or defendants could face even larger fines in court. While this type of tactic may not bear up under the scrutiny of higher jurisdictions or legal reviews, the risks remain the same, whether for an individual or a hotel management group: downloading of illegally-obtained copyrighted materials may be bad for your health and your wealth, if the lawyers have their way with you. (To see what one company is doing to offer hoteliers a sound solution go to: www.hotelpeertopeer.com)

Naturally, for hoteliers there’s the ongoing challenge of finding a way to provide the guest with good service, ample access to the Internet and still protect the institution from legal problems. Hotel IT administrators: this is your wake-up call. Make sure you are blocking illegal downloads on your network. Secure your network and sleep well at night: just don’t let the bed bugs bite. (That’s another worry for hoteliers, but not the topic of this post, by the way.)

Wednesday, May 11, 2011

What’s a school to do? Education budgets, especially in the United States, are being cut while network security threats continue to grow. School administrators and IT managers must meet growing compliance requirements, as well as face down the threats posed by students who have grown up on-line and know their way around network filters and blocks. Teachers, staff and students all have varying needs for access to the Internet and Web resources, but must also be monitored, provided secure connections and prevented from time-wasting or inappropriate sites. What’s a school to do?

· What reporting systems are in place? Efficient reporting functions can help save time and resources, reducing network security costs. How long does it take to run reports?

· Is it easy to monitor live logs as well as what’s been happening over the last 24 hours?

· Can you identify websites that might be potential time-wasters for staff and students, to save resources for those sites that promote instruction in the classroom?

Network security, when done right, should be a cost-saver. Likewise, when done right, network security is a productivity-booster. And, without a doubt, the risks and costs of an unsecured network are far greater than the expense of protection. So, while Benjamin Franklin (U.S. patriot, publisher, inventor, statesman and all-around intellectual) was famous for proving that lightning can strike a kite and shed light on the nature of electricity, he also famously said, “An ounce of prevention is worth a pound of cure.”

Which does your school prefer? To be struck by lightning or to be protected from the viruses, worms, spies and dangers that lurk around the edge of your network? Network security is worth every penny, every pound and every dollar you invest in it.

Thursday, May 5, 2011

You didn’t realize it at the time, but your mother taught you everything you need to know about network security--or at least the important highlights. After all, mom’s goal is the same as ours as network security administrators: to keep us all safe.

Does any of this advice sound familiar?

1. Be suspicious, trust nobody. That goes for users on your network, as well as messages you receive from friends. Make sure users aren't allowed to download anything without permission. Be wary of suspicious links or invitations to join new social networks. These could be phishing attacks in disguise.

2. Lock the door. You wouldn’t let strangers into your house, so why would you let them onto your network?

3. Do your homework. Threats change daily. Keep up on newest threats so you can make sure your network is prepared for them.

4. Keep things clean. What she meant (in addition to clean socks and washing your hands regularly) was to make sure your PC, network protection and malware detection software are always up to date. Updated software and network protection will help keep the bad guys out.

5. Always be aware. Look before you cross the street, even if you don’t hear a car, and don’t assume some websites are safer than others. Sometimes the most “trusted” sites can be more dangerous. Educate other users on your network to inform them of the risks.

So let’s hear it for Mom. The network security savvy we have today originates in her good advice. It’s one more reason to thank her for all that she’s done for us. Oh, by the way, Happy Mothers’ Day!